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SPECIFICATION 

TITLE OF THE INVENTION: USER AUTHENTICATION SYSTEM, USER 
AUTHENTICATION CARD AND USER AUTHENTICATION DEVICE 
CLAIMS 

5 Claim 1. A user authentication system comprising a registration station 

provided with an information acquisition device for obtaining biological 
individuality data for distinguishing individuality of a user, an authentication card 
issuing station that issues to the user a user authentication card recorded with 
at least a part of the biological individuality data, and an authentication access 

10 terminal provided with an authentication-card reader for reading the information 
of the user authentication card and an identity acquisition device for inputting 
biological individuality data of the user, wherein the recorded contents in the 
user authentication card read out by the authentication card reader are 
compared with the biological individuality data of the user input to the identity 

15 acquisition device to authenticate that the user is the legitimate proprietor of the 
user authentication card. 

Claim 2. A user authentication system comprising a registration station 
provided with an information acquisition device for obtaining biological 
individuality data for distinguishing individuality of a user, an authentication card 

20 issuing station that issues to the user a user authentication card recorded with 
at least a part of the biological individuality data, and an authentication access 
terminal provided with an identity acquisition device for obtaining biological 
individuality data of the user and an identity information writing device for 
inputting the obtained biological individuality data in said user authentication 

25 card, wherein the contents of biological individuality data recorded in said user 
authentication card are compared with the biological individuality data of the 
user obtained by said identity acquisition device by using a computing function 
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to authenticate that the user is the legitimate proprietor of the user 
authentication card. 

Claim 3. The user authentication system according to claim 1 or 2, 
comprising further at least one certification authority that is connected to said 
5 authentication access terminal through an information communication channel, 
wherein the certification authority holds the record of the remaining part of the 
biological individuality data that was obtained at the registration station but not 
recorded in the user authentication card, and the part of the biological 
individuality data missing in the user authentication card is compared in 
10 response to an inquiry from said authentication access terminal for further 
authentication. 

Claim 4. The user authentication system according to claim 3, wherein 
the information exchanged through the information communication channel is 
encrypted. 

15 Claim 5. The user authentication system according to claim 3 or 4, 

wherein the two or more said certification authorities dividedly record part of the 
biological individuality data obtained at the registration station but not recorded 
in the user authentication card, and each certification authority compares the 
biological individuality data of the user input at the authentication access 

20 terminal with the part of the biological individuality data stored in the certification 
authority in response to inquiry from the authentication access terminal or other 
certification authority for further authentication. 

Claim 6. The user authentication system according to any of claims 1 
through 5, wherein the certification authority is provided with a memory device 

25 for recording the biological individuality data obtained at said registration 
station: 

Claim 7. The user authentication system according to claim 6, wherein 
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a memory medium recoding the biological individuality data in said certification 
authority can be cut off from the information communication channel of the user 
authentication system. 

Claim 8. The user authentication system according to any of claims 1 
5 through 7, wherein said biological individuality data is handwriting. 

Claim 9. The user authentication system according to any of claims 1 
through 8, wherein plural kinds of biological individuality data are registered so 
that different transactions can be conducted in response to the kind of the input 
data. 

10 Claim 10. A user authentication card capable to be used for the user 

authentication system according to any of claims 1 through 9, comprising a 
memory medium provided with a readable memory area which stores a signal 
for identifying the authentication card and at least part of the biological 
individuality data for distinguishing the individuality of a user from others. 

15 Claim 11. The user authentication card of claim 10, comprising further a 

CPU and a RAM. 

Claim 12. The user authentication card of claim 10 or 11, wherein said 
memory medium is a magnetic recording medium. 

Claim 13. The user authentication card of claim 10 or 11, wherein said 
20 memory medium is an IC card. 

Claim 14. A user authentication device comprising an authentication-card 
reader for reading the information recorded in a user authentication card, an 
identity acquisition device for inputting biological individuality data of the user, a 
judgment device for judging the authenticity by comparing the biological 
25 individuality data recorded in the user authentication card read by said 
authentication-card reader and the biological individuality data of the user input 
in said identity acquisition device, and a display device for displaying a 
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judgment result. 

Claim 15. The user authentication device, wherein said identity 
acquisition device has a handwritten figure acquisition function. 

Claim 16. The user authentication device of claim 15 or 16 comprising 
5 further a communication device for sending at least a part of biological 
individuality data of a user input to the identity acquisition device to an external 
certification authority and receiving a judgment result of authenticity, wherein 
the judgment result is displayed through said display device. 
BACKGROUND OF THE INVENTION 
10 [0001] 

Technical Field of the Invention 

The present invention relates to a user authentication system for 
execution of individual authentication in electronic information exchange, 
electronic commercial transaction and so on, a user authentication card and a 
1 5 user authentication device for use in the user authentication system. 
[0002] 
Related Art 

The kinds of information accessible through communication networks 
have become extremely diverse in recent years, which range from electronic 
20 commerce such as product trading or credit to on-line medical diagnoses or 
individual medical records, and to perusal of registered items or the issue of 
certificates from public offices. The application and utilization of such 
information are increasing for years. 
[0003] 

25 Such personal information has something to do with individual's privacy, 

and it should not be often approved the use if there is not a guarantee against 
leaks of the information to public. To establish a more convenient 
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information-based society associated with advances in electronic information 
communication networks, there has been a demand for a highly reliable user 
authentication system capable of making a clear distinction between individuals. 
Such a mechanism for authenticating personal identity can also be used 
5 in a lock device to prohibit entrance of unauthorized persons into a laboratory, a 
business office, or a house, and for an improvement in security of electronic 
money. 
[0004] 

The password has been most commonly used in authenticating user 
10 identity. The password is easy to use, but it is hard to eliminate thieves who 
steal the user's passwords. To prevent password thefts, the user takes care in 
protecting the security of password such as to use a long password, to select a 
password difficult to guess, or to change the password on occasion. 
Cryptography has also widely been used for security in communications, which 
15 encrypts communication contents to prevent others from recognizing the 
contents easily even when data leakage occurs. 
[0005] 

Nevertheless, such security measures cannot be perfect, and the 
password may be stolen by others through wiretapping communication, 
20 cracking the encrypted code, or stealing a look at the password. Further, the 
more complicated the password is, the more difficult for the user to remember. 
It is also essential that any complicated data can be duplicated by any means 
as soon as the password is stored as digital data. 
[0006] 

25 To prevent others from pretending the user and authenticate user identity 

securely, there has been considered another method of authenticating user 
identity based on information indicative of so-called biological individuality of the 
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user such as a fingerprint or voiceprint. However, the biological individuality 
data has generally a large quantity of information, and this requires extremely 
dense traffic flows between an authentication access terminal and a certification 
authority in which the user's biological information is stored. Such dense traffic 
5 flows may cause a traffic jam in a communication channel and increase of 
communication time, and it is hard to apply this method to practical use except 
for special environments. In the method, other. problems also remain with the 
data managing place and managing method. 
[0007] 

10 Problems to be Solved by the Invention 

It is therefore an object to be solved by the present invention to provide a 
user authentication system that can obtain a quick response while retaining a 
high level of security in authenticating personal identity for electronic information 
exchange or electronic business transaction, and a user authentication card and 

15 a user authentication device for use in the user authentication system. 
[0008] 

Means to Solve the Problems 

In order to solve the aforementioned objects, a user authentication 
system of the present invention comprises a registration station provided with 

20 an information acquisition device for obtaining biological individuality data for 
distinguishing individuality of a user, an authentication card issuing station that 
issues to the user a user authentication card recorded with at least a part of the 
biological individuality data, and an authentication access terminal provided with 
an authentication-card reader for reading the information of the user 

25 authentication card and an identity acquisition device for inputting biological 
individuality data of the user, in which the recorded contents in the user 
authentication card read out by the authentication card reader are compared 



6 



with the biological individuality data of the user input to the identity acquisition 
device to authenticate that the user is the legitimate proprietor of the user 
authentication card. 
[0009] 

5 A second user authentication system of the present invention comprises 

a registration station provided with an information acquisition device for 
obtaining biological individuality data of a user, an authentication card issuing 
station that issues to the user a user authentication card recorded with at least a 
part of the biological individuality data, and an authentication access terminal 

10 provided with an identity acquisition device for obtaining biological individuality 
data of the user and an identity information writing device for inputting the 
obtained biological individuality data in the user authentication card, in which 
the contents of biological individuality data recorded in the user authentication 
card are compared with the biological individuality data of the user obtained by 

15 the identity acquisition device by using a computing function to authenticate that 
the user is the legitimate proprietor of the user authentication card. 
[0010] 

It is preferable that the user authentication of the present invention 
comprises further at least one certification authority that is connected to the 

20 authentication access terminal through an information communication channel, 
in which the user authentication card holds a part of the biological individuality 
data that was obtained at the registration station and the certification authority 
holds the record of the remaining part thereof not recorded in the user 
authentication card, and the part of the biological individuality data missing in 

25 the user authentication card is compared in response to an inquiry from the 
authentication access terminal for further authentication. 

It is preferable that the information exchanged mutually through the 
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information communication channel is encrypted to guarantee the security. 
[0011] 

Moreover, it is preferable that the two or more the certification authorities 
dividedly record part of the biological individuality data obtained at the 
5 registration station but not recorded in the user authentication card, and each 
certification authority compares the biological individuality data of the user input 
at the authentication access terminal with the part of the biological individuality 
data stored in the certification authority in response to inquiry from the 
authentication access terminal or other certification authority for further 
10 authentication. 

Further, in the user authentication system, the certification authority may 
be provided with a memory device for recording the biological individuality data 
obtained at the registration station. 

It is preferable that a memory medium recoding the biological individuality 
15 data in the certification authority can be cut off from the information 
communication channel of the user authentication system. 

Handwriting may be used as the biological individuality data. 

[0012] 

In the user authentication system of the invention, the user authentication 
20 card records thereon at least a part of the biological individuality data that 
distinguishes the individuality of a user from others, and the biological 
individuality data in the user authentication card are compared with the 
biological individuality data input by the user on the spot, so that only the true 
user can pass in authentication test, thereby preventing others from pretending 
25 the user. 
[0013] 

Not only is it too hard to reproduce the original forms of biological 



individuality from its digitized data, but also others cannot duplicate the 
biological individuality even if they can reproduce the digitized data. This 
makes it possible to offer a superior level of reliability of the user authentication. 
In particular, since the biological individuality data for reference are 
5 recorded in the user authentication card, the user to be authenticated can be 
directly confirmed with his or her identity at the authentication access terminal 
without inquiring the identification from the certification authority remote from 
the authentication access terminal. This makes it possible to reduce a great 
deal of time and cost spent on communication with the certification authority. 
10 [0014] 

Though the user authentication can be performed by comparing the 
biological individuality data for comparison recorded in the user authentication 
card with the biological individuality data of a user made to input from the 
authentication access terminal by a logical arithmetic unit provided at the 

15 authentication access terminal, the computing function such as CPU, RAM and 
so on may also be provided in the user authentication card, for comparing the 
biological individuality data obtained from a used intending to exploiting the user 
authentication card with input and recorded information. 

A practical use of a user authentication card provided with having 

20 advanced functions such as IC card or the like permits to mitigate the load to 
the authentication access terminal, reduce the equipment cost, and make the 
system more user-friendly. Moreover, the security can be improved by 
preventing the authentication data from leaking outside, as the information 
processing is completed within the user authentication card in such a way. 

25 [0015] 

Further, in case where the certification authority connected to the 
authentication access terminal via the information communication channel holds 
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the record of the remaining part of the biological individuality data that was not 
recorded in the user authentication card, and the part of the biological 
individuality data is compared in response to an inquiry from said authentication 
access terminal for further authentication, as necessary information is divided 
5 and memorized, it is impossible to break through the authentication system 
even if biological individuality data is restored for instance from the data 
recoded in the authentication card, and it is also impossible to copy the data to 
be used for further authentication form the authentication card. 

Furthermore, even if the contents of the record in the authentication card 

10 are falsified, since the information at the certification authority is maintained, 
others cannot pretend to be the proper user. 

Even when someone succeeds to attack the certification authority, he 
cannot falsify the information of the user authentication card carried by the user, 
thus retaining the security. 

15 It should be appreciated that, if information diffused through the 

information communication channel is encoded, the security can be improved, 
because it is difficult to decode it, even if someone steal information in the 
middle of the communication channel. 
[0016] 

20 In case where the biological individuality data of a user are divided and 

recorded among the user authentication card and two or more certification 
authorities, and each certification authority compares the part of the memorized 
biological individuality data of the in response to an inquiry from the 
authentication access terminal or other certification authority for further 

25 authentication, in addition to the user authentication based on the user 
authentication card, the reliability of the user authentication can be enhanced by 
obtaining gradually the used authentication of certification authorities structured 
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for instance hierarchically. 
[0017] 

In the user authentication system of the invention, pass/fail determination 
may be selectively made by only the authentication result obtained by the 
5 authentication access terminal based on the information recorded in the user 
authentication card, or for more secure determination by adding the 
authentication results by the certification authority or authorities based on the 
information held in the authority or authorities but not recorded in the user 
authentication card, according to the grade of the required reliability of the 
10 authentication. 

A higher assurance is required for dealing with high price goods; on the 
contrary, such a careful user authentication is not required in case of dealing 
with low rice goods and it is necessary to confirm securely the request by the 
subject in case of dealing with those involving a high level privacy such as 
15 clinical records. 
[0018] 

The level of authentication for security may be predetermined for each 
authentication access terminal or each transaction, or it may be set for every 
transaction by the authentication access terminal. Alternatively, it may be 
20 automatically selected according to the sale price or other appropriate 
guidelines. 

Further, in this process of dividing information, even when whole 
biological individuality data are used for user authentication, because the 
authentication is executed at the authentication access terminal deriving most of 
25 the data from the user authentication card, the amount of information 
exchanged through the communication line can be reduced, and hence the 
traffic flows on the communication line and the time spent on inquiring can be 

11 



reduced. 

The division of information has also effects on the control of processing 
performance and memory capacity at the certification authority which is required 
to store information of a large number of users and to dispose a lot of inquiries. 
5 [0019] 

Furthermore, the user authentication system may include a registration 
authority provided with a memory device for storing biological individuality data 
of the user obtained at the registration station. The registration authority holds 
the full records of the biological individuality data of the user obtained at the 
10 registration station for use in judging the location where unauthorized use of 
data or an abnormal condition has occurred, reissuing a damaged 
authentication card, or repairing the data of the lower certification authorities. 
[0020] 

At the registration authority, the memory medium recording the biological 
15 individuality data may be removed from the information communication channel 

of the user authentication system so that it can be connected only when it is 

necessary. This makes it possible to prevent raid by hackers, and hence the 

leakage and falsification of personal information. 

For security, it is extremely effective that only a part of the user's 
20 biological individuality data are recorded in the user authentication card and the 

lower certification authorities, respectively, so that integrity of the data is not 

allowed to be at one place. 

[0021] 

The biological individuality data used in the user authentication system of 
25 the invention may include handwriting. The handwriting well represents a 
biological individuality of each person and is effective in preventing others from 
imitating the individual's, and besides, the input device or analyzer is relatively 
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easy to find. The user can write arbitrary letters or figures as his or her 
identification, but it is more desirable that the user writes his or her signature 
because of its better reproducibility. 

The biological individuality data may also include a fingerprint, a 
5 voiceprint, an iris or retina pattern, and DNA information. Further, it is probable 
to find other biological individualities recognizable more easily and securely, in 
future. 
[0022] 

The biological individuality data may be divided physically as recorded in 
10 the user authentication card and in the certification authority. For example, the 
first half and the second half of the biological individuality data may be recorded 
in the authentication card and in the certification authority, respectively, and 
checked separately. Alternatively, the information may be hierarchically 
divided such that information on the shape of handwriting is recorded in the 
15 user authentication card and information on the stroke pressure and stroke 
order is recorded in the certification authority. 

Further, plural kinds of biological individuality data such as a signature 
and a voiceprint may be recorded separately to judge the personal identification 
based on different kinds of information so as to improve the reliability. 
20 [0023] 

Furthermore, plural kinds of biological individuality data may be 
registered and make different transaction conducted in response to the type of 
input data. 

In addition to the normal data of biological individuality, other unique 
25 information may be used together which is effective only in a special case. For 
example, in a case where a user is compelled to put his or her signature under 
the threat or duress by another person, the user can secretly add a hidden 
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symbol or sign in his or her signature to notify a security firm of the emergency 
situation while making the threatener believe that he or she obediently puts his 
or her signature in usual way. 
[0024] 

5 As an option on this scheme, it may make a show of normal transactions 

such as to unlock a door or to withdraw cash in order to ensure personal safety 
in such an emergency case. 

Such biological individuality data as to use for the emergent purpose may 
be the same type as that of normal data, or combined data of plural different 
10 types such as to add voice data to a signature. 

Reversely, combined data with special code data added to dummy data 
may be used as correct authentication data. 
[0025] 

A user authentication card used of the present invention is a memory 
15 medium provided with a readable memory area which stores a signal for 

identifying the authentication card and at least part of the biological individuality 

data for distinguishing the individuality of a user from others to solve the 

aforementioned objects. 

The memory medium may be a read-only memory medium such as a 
20 ROM or CD-ROM, but a writable/readable memory medium may be possibly 

adopted which can add records of transaction details or new information 

because there is less danger of falsifying the contents of the record indicative of 

biological individuality data of the user therein. 

[0026] 

25 It is desirable to use a high-security IC card having a high 

counterfeit-proof function and a large data space, mounting an intelligent 
function and an encryption system thereon. 
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If an IC card with a CPU and a RAM mounted thereon is used, the IC 
card can take biological individuality data of the user in the card and compare 
them with checking data stored inside for authenticating user identification. In 
this case, the load of the authentication access terminal and the device cost of 
5 the terminal can be reduced. Further, the authentication data of the user 
authentication card can be made unreadable from the outside for improving the 
security. 
[0027] 

The use of an IC card enables to provide a multi-purpose card for 
10 achieving a high level of personal authentication with multiple functions 
mounted thereon. The IC card used here may be a composite type provided 
with a contact type that reads and writes data through an external terminal and 
a non-contact type that reads and writes data in a non-contact way without the 
external terminal. 

15 In particular, if the information is dividedly recorded, since it is useless to 

falsify the contents of the record in the user authentication card of the present 
invention, an economical and easy-to-use medium such as a floppy disk can be 
used as the user authentication card. There can be also used other writable 
media such as a CD-ROM, a DVD, a recording tape, or an MD. 

20 [0028] 

In order to solve the aforementioned objects, a user authentication device 
of the present invention includes an authentication-card reader for reading out 
information recorded in the user authentication card, an identity acquisition unit 
for obtaining biological individuality data of a user, a judgment unit for collating 
25 the biological individuality data in the authentication IC card read out by the 
authentication-card reader with the biological individuality data obtained on the 
spot through the identity acquisition unit and judging the acceptance, and a 
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display unit for displaying the judgment result. 
[0029] 

According to the user authentication device of the invention, the user who 
is requested to authenticate personal identification puts the user authentication 
5 card in the authentication-card reader, and inputs through the identity 
acquisition unit his or her biological individuality data of the same kind as that 
recorded in the user authentication card. As a result, the judgment unit checks 
the biological individuality data recorded in the user authentication card with that 
obtained by the identity acquisition unit and judges whether the checking result 
10 is acceptable, while the display unit indicates the judgment result. Thus, the 
person carrying the user authentication card can be judged immediately to be a 
proper card holder or not without external communication. 
[0030] 

The user authentication device should be equipped with the identity 
15 acquisition unit of the same type as the biological individuality input device used 
in the user registration station. A device having a function to take in 
handwritten figures may be used as the identity acquisition unit. The 
handwritten figure acquisition unit can input the predetermined handwritten 
figure, such as a signature, as digital data and easily compare the input figure 
20 with the biological individuality data on the user authentication card. 
[0031] 

The user authentication device of the invention preferably includes a 
communication unit for communicating with an outside certification authority, in 
which at least part of the biological individuality data of the user input through 
25 the identity acquisition unit is sent to the outside certification authority so that 
the user authentication device can receive the pass/fail judgment result from the 
certification authority and display the result through the display unit. 
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If the user authentication device is connected to the outside certification 
authority for hierarchical processing of the authentication data, invaders' evil 
access or falsification can be prevented, and this makes it possible to offer 
authentication performance with a higher level of security. 
5 [0032] 

Detailed Description of the Preferred Embodiments 

The present invention will be described in detail based on the 
embodiment with reference to the drawings. 

Fig. 1 is a block diagram illustrating a user authentication system as 

10 practiced in an embodiment of the present invention. Fig. 2 is a perspective 
view illustrating an example of a user authentication device used in the 
embodiment. Fig. 3 is a diagram of the user authentication device of the 
embodiment. Fig. 4 is a block diagram illustrating the examples of a user 
authentication card used in the embodiment. Fig. 5 is a flowchart illustrating the 

15 process of issuing the user authentication card in the embodiment. Fig. 6 is a 
flowchart illustrating the process of authentication at an access terminal in the 
embodiment. 
[0033] 

Embodiment 1 

20 As shown in Fig. 1, the user authentication system of the embodiment is 

of hierarchical structure in which an authorized registration authority, 
certification authorities, and authentication access terminals are arranged 
hierarchically. 

The authorized registration authority or the policy registration authority 
25 (PRA) 1 supervises the entire authentication network and issues certificates of 
commission of partial power to a plurality of intermediate certification authorities 
or policy certification authorities (PCA) 2 as licensees. The policy certification 
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authorities given the power then issues certificates of commission of partial 
power to a plurality of end certification authorities (CA) 3 as sub-licensees. 
[0034] 

The end certification authorities (CA) 3 act as go-betweens in connecting 
5 authentication access terminals (TM) 4 as clients who make use of user 
authentication, and users 8 who enjoy services offered by the clients. In the 
following description, access to various services may be called "transaction." 

The authorized or policy registration authority (PRA) 1 is provided with a 
memory 11 removable from the main equipment, while the policy certification 
10 authorities (PCA) 2 and the end certification authorities (CA) 3 are provided with 
memories 21, 31 connected to respective equipments at all times. 
[0035] 

These facilities are connected with each other through dedicated lines or 
public lines, so that information can be exchanged at any time. The 
15 connections may be made via the intranet or the internet. In exchanging 
information through the communication lines, it is preferable to ensure security 
through an encryption system using public keys or common or symmetric 
keys. 

The policy certification authorities (PCA) can be eliminated from the user 
20 authentication system. The policy certification authorities (PCA) can be provided 
over plural levels to increase the depths of the hierarchy to more than three. 

The policy registration authority (PRA), the policy certification authority 
(PCA), and the end certification authority (CA) may also be replaced by an 
institution which integrates all the functions. 
25 [0036] 

The end certification authorities (CA) are generally empowered by the 
policy registration authority (PRA) or an upper certification authority (PCA) to 
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execute authentication in a limited region such as a public administrative 
agency, a medical institution, a specific company, an apartment building, a mall, 
and the like. 

The end certification authority (CA) 3 is connected to authentication 
5 access terminals (TM) 4 which belong to the limited region and use the 
authentication. 
[0037] 

The authentication access terminals (TM) 4 may represent a window of a 
government office, a division reception desk or pharmacy reception desk in a 

10 hospital, a door in a laboratory or office, an information tool accessing a 
database to be protected, an apartment entrance or an apartment door, a 
remote control device for indoor utilities, a member-only club facility, a checkout 
counter at each store in a mall or in a large retail store such as a department 
store, a window in a monetary facility such as a bank, an automatic teller 

15 machine, and so on. 

In particular, it is considered that user authentication will be more 
important in the field of direct marketing hereafter. In this case, the 
authentication access terminal 4 may be placed in home of each user 8. 
[0038] 

20 The end certification authority (CA) 3 authorizes a user registering station 

(RG) 5 to receive a registration application from a user 8 who wants to be a 
consumer of an authentication access terminal (TM) 4, and authorizes an 
authentication-card issuing station (IS) 6 to issue user authentication cards 7. 
[0039] 

25 The user registering station (RG) 5 is furnished with an input device 51 

for obtaining biological individuality data. This embodiment uses an on-line 
handwritten-figure input device with a tablet and a pen. The on-line 
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handwritten-figure input device input handwriting of a user with the process of 
writing for graphic recognition, so that, when letters are input, the information on 
direction and order of each stroke of letters can easily be obtained. 
[0040] 

5 When a voiceprint is used as means of capturing the biological 

individuality, a microphone 52 is equipped for input user's voice. Any other 
device, such as a fingerprint or palm-print input device, or a device for 
observing a pupil to take in an iris or retina pattern, can also be provided. 

The use of a plurality of personal identification means makes the 
10 authentication more securely. 
[0041] 

The authentication-card issuing station (IS) 6 is furnished with an 
authentication-card issuing device 61. The authentication-card issuing device 
61 writes the information to be used for user identification in a user 

15 authentication card 7 and issues the authentication card to the user 8. In this 
embodiment, the user authentication system uses an IC card as the user 
authentication card. However, any other recording medium can be used as 
long as it is available for write and read operations, i.e., any other electronic 
recording medium can be used, such as a magnetic recording medium including 

20 a CD-ROM, a floppy disk, and a magnetic card, or a magneto-optic recording 
medium. 
[0042] 

The authentication access terminal (TM) 4 is furnished with a user 
authentication device 41 that examines genuineness of the user authentication 
25 card 7 carried by the user 8 and authenticate the user 8. 

Figs. 2 and 3 show an example of a configuration of the user 
authentication device 41 . 
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Arranged on the front panel of the user authentication device 41 are an 
input/output unit 401 with a slot for inserting an authentication card 7, which 
exchanges information with a memory area of the inserted authentication card 
7; an authentication-level specifying unit 402 that specifies the depth of 
5 authentication required for the current transaction; a personal identity input unit 
403 that takes in a biological individuality data of the user; and an authentication 
display 404 that displays the authentication result. 
[0043] 

The personal identity input unit 403 is the same as the biological 
10 individuality input device 51 used at the user registering station (RG) 5. If the 
voiceprint is used together in user authentication, a microphone 42, of course, 
needs to be provided to the user authentication device 41 of the authentication 
access terminal (TM) 4. The personal identity input unit 403 is thus equipped 
with respective input means corresponding to types of the biological 
15 individualities to be used. 
[0044] 

Electronic circuitry 410 is incorporated inside the user authentication 
device 41; it acts to organically combine the functions of these units for user 
authentication. 

20 The electronic circuitry 410 includes an authentication card read/write 

control part 411, an identity information converting part 412, a judgment part 

413, and a communication part 414. 

The authentication card read/write control part 411 has the functions to 

read the contents of information recorded in the authentication card through the 
25 input/output unit 401, to decode the encrypted digital data, and to record the 

transaction results onto the authentication card as well. 

[0045] 
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The identity information converting part 412 converts the biological 
individuality data taken in by the personal identity input unit 403 to digital data. 

The judgment part 413 takes in output information from the authentication 
card read/write control part 411, the identity information converting part 412 and 
5 the authentication-level specifying unit 402, authenticates user identification 
according to the level of required authentication based on those output 
information added with information exchanged with the certification authorities 
through the communication part 414, and indicates the authentication result 
through the authentication display 404. 
10 [0046] 

When the user is authenticated and a transaction is established, then the 
transaction result is input from a transaction-detail input unit 420 and the 
transaction details are displayed on a transaction display 421, so that the user 8 
can confirm the transaction details. The transaction details are also recorded 
15 in a memory 422. 

The judgment part 413 may be designed to automatically send the user 
authentication result to the transaction-detail input unit 420 so that the 
transaction may be determined to be accepted or refused. 
[0047] 

20 Further, the transaction details or transaction history may be recorded in 

the user authentication card 7 by inputting the transaction information via the 
transaction-detail input unit 420. 

As an example, when the user authentication card 7 is used for 
settlement purpose, the purchasing date, purchased product names, and their 

25 prices can be recorded, and those make it easy for the user to confirm the 
transaction at payment. When the card used for administrative services, 
information related to various certificates or identification papers such as health 
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insurance card, driver's license, medical record and certificate of residence, can 
be received and stored in the user authentication card 7. 

Privacy of the user can be protected by requiring user authentication 
anytime when a person reads the contents recorded in the user authentication 
5 card 7 so that any access by all but the user concerned shall be prohibited. 
[0048] 

In addition to the biological individuality data used for normal 
authentication, other unique information that is effective only in special cases 
may be used together. For example, in a case where a user is compelled to 

10 put his or her signature under the threat of a robber or duressor, the user can 
secretly add a hidden symbol or sign in his or her authentic signature to notify a 
security firm of the emergency situation while normal transactions are taking 
place such as opening a door or withdrawing cash, so that the security officers 
can take appropriate action such as to arrest the criminal as soon as the safety 

15 of the user is ensured. 

Such biological individuality data as to use for special purposes may be 
combined data of plural different types such as twice coughs at the time of 
signature. 
[0049] 

20 Fig. 4 is a block diagram illustrating internal arrangements of the user 

authentication card 7 made of an IC card. 

The user authentication card 7 as practiced in the embodiment is a 
composite-type IC card provided with a contact type connector transmitting 
electric signals through a terminal 71 and a non-contact type connector 

25 establishing communication by means of electrostatic coupling or 
electromagnetic induction without contact between an electrode 73 in the card 
and an electrode inside the authentication card read/write control unit. The user 
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authentication card 7 is designed in consideration of a case where plural card 
issuers place a commonly usable terminal, respectively, for a single common 
card to be openly used by its carrier for respective issuers. The IC card, 
however, may be provided with either one of the connectors. 
5 [0050] 

The terminal 71 is connected to a connection circuit 72; the non-contact 
type electrode 73 is connected to a communication control circuit 74. Both are 
coupled with built-in memories. 

The user authentication card 7 also includes a CPU 75 and memories 
10 comprising of a random access memory RAM 76, a read-only memory ROM 77, 
an electrically-writable, programmable read-only memory PROM 78, and an 
electrically-erasable, programmable read-only memory EEPROM 79. These 
are connected with each other through a bus. 

The connection circuit 72, the communication control circuit 74, the CPU 
15 75 and the memories can be mounted on a single IC chip. 
[0051] 

Upon insertion of the user authentication card 7, the authentication card 
read/write control unit 411 accesses the memories of the user authentication 
card 7 either from the terminal 71 through the connection circuit 72, or from the 

20 non-contact electrode 73 through the communication control circuit 74. 

The PROM 78 stores card authentication data for examining the 
authenticity of the authentication card concerned and an ID of issuer that has 
issued the user authentication card upon approval, and the like. The data once 
written in the PROM 78 cannot be renewed. 

25 The EEPROM 79 stores biological individuality data for use in 

authenticating user identification and the record of transactions executed using 
the authentication card. The ROM 77 stores programs for control of the CPU 
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75 to execute encryption and decryption, control of data input/output, 
examination of the authenticity of the user authentication device 41, and so on. 
The RAM 76 temporarily stores data taken from the outside and data needed in 
the computing process, and so on. 
5 [0052] 

Unused user authentication cards 7 are distributed to each 
authentication-card issuing station 6 on the condition that correct card certificate 
information has been written in the PROM 78 at the authorized or policy 
registration authority 1 to prove that the authentication cards are genuine cards 

10 available in the system. Therefore, all the authentication-card issuing station 6 
has to do is to write in part of biological individuality data of the user in the 
EEPROM 79 in accordance with instructions by the authorized registration 
authority 1. In this regard, the writing function of the PROM 78 may be omitted 
from the authentication-card issuing device to prevent the card from being 

15 falsified. 

The authentication card is not limited to the arrangement or allotment of 
the memories as practiced in the embodiment. For example, the biological 
individuality data for use in authenticating personal identification may be stored 
in the PROM 78 or RAM 76. 
20 [0053] 

The following section describes, along with Fig. 5, an example of the 
process of issuing a user authentication card. 

The user registering station 5 accepts a registration application from a 
user 8 who wants to receive services at authentication access terminals within 
25 the territory of the user registering station 5 (S1 1). The user registering station 
5 gathers information indicative of biological individualities of the user, and if 
necessary, information for use in pre-qualifying the user 8 (S12). The 
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biological individuality data used here are characters unique to the user's living 
body; they should be selected for characteristics through which the user can be 
distinguished from others in disguise or in imitation of the user. 
[0054] 

5 In the embodiment, handwriting is used for identifying the user. 

Although any figure is possible, if the user 8 inputs different figures every time, it 
would be inconvenient to authenticate personal identification. It is therefore 
desirable for the user to put his or her own signature so as to secure the 
reproducibility. In addition to the handwriting, the use of plural biological 

10 individuality data can improve the security of authentication, and hence, the 
auxiliary microphone 42 is provided here for acquiring voiceprints. 

The qualification information and the biological individuality data of the 
applicant, both gathered at the user registering station 5, are then transmitted to 
the authorized registration authority 1 (S13). 

15 [0055] 

The authorized registration authority 1 pre-qualifies the applicant based 
on the information from the user registering station 5, and permits the issue of 
an authentication card to the applicant who has passed in the pre-qualification 
(S14). The qualified conditions depend on the target services for which the user 

20 requests the authentication. In this regard, the end certification authority 3 that 
actually accepts the user may examine the qualification of the user. 

The authorized registration authority 1 divides the biological individuality 
data of the registered user 8 hierarchically into data parts according to 
predetermined proportions, decides the parts to be assigned to the user 

25 authentication card 7 and the certification authorities 2, 3, respectively, and 
distributes them to each place (S15). 
[0056] 
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The biological individuality data distributed from the authorized 
registration authority 1 to each place is to be accessed based on the 
authentication accuracy required by the authentication access terminal 4. If 
the authentication access terminal 4 requires the least-level of authenticity, the 
5 authentication needs only the checking result of the authentication device 41 of 
the authentication access terminal 4. If a medium-level of authenticity is 
required, the user is to be authenticated based on the checking result of the 
authentication device 41 plus the information stored at the end certification 
authority 3. If the highest-level of authenticity is required, all the biological 
10 individuality data distributed to all the different places should be integrated for 
the judgment. 
[0057] 

The user authentication system of the invention is constituted such that 

further authentication by the upper authorities based on the biological 
15 individuality data can be requested only when the authenticity has examined 

and passed at the authentication access terminal. The upper authorities 

execute authentication based on the information except included inside the user 

authentication card. 

Therefore, the user authentication card 7 needs to be distributed with 
20 information enough for certification with a degree of accuracy by comparing with 

biological individuality data input by the user at the spot so that the user can be 

judged to be authentic. 

[0058] 

In this embodiment, 60 % of information is assigned to the user 
25 authentication card 7, 30 % to the end certification authority 3, and the rest of 
10 % to the intermediate authority 2. Such a gradual decrease of information 
amount can not only save the memory capacities at the upper authorities, but 
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reduce load time for each authentication as well, thereby improving information 

protecting performance throughout the entire system. 

[0059] 

It should be noted that it is desirable for the user authentication card 7 to 
5 hold a relatively high percentage of biological individuality data so as to prevent 
excess amount of information from being transmitted to the upper authorities 
upon request to execute a higher-level of authentication. 

On the contrary, excess percentage of information to be assigned to the 
user authentication card 7 may lower the reliability of user authentication. 
10 It is therefore essential to distribute the biological individuality data in 

dividing proportions adapted to each practical conditions in consideration of 
number of user accesses, required level of authentication security, and so forth. 
[0060] * 

Information may be divided such that all the digitized data is divided 
15 physically in predetermined proportions, or divided on the step-by-step basis. 
For example, information of handwriting may be divided into information related 
to a final figure of handwriting, information related to stroke on the way of writing, 
and information on the stroke order. Any biological individuality data can be 
divided for use in each related spot, for example, a voiceprint can be divided by 
20 frequency band, or a fingerprint can be divided by finger. 

In the case a plural types of biological individuality data such as 
handwriting and a voiceprint are extracted, the biological individuality data may 
be distributed by type. 
[0061] 

25 The authorized registration authority 1 stores information related to the 

authentication card and the user in a large-capacity memory means 11 
removable from the main device, such as a magnetic tape, a CD-ROM, a 
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magneto-optical disk, a DVD, or a removable hard disk (S16), and upon receipt 
of a request from a lower authority, a person in charge inserts the memory 
means into a driver in order to check the registered information. 

At the authorized registration authority 1, the removable recording 
5 medium 11 is stored by separating it from an external communication network 
when it is not in use so as to prevent violence or falsification of records. 
[0062] 

The certification authorities 2, 3 stores distributed part of the biological 
individuality data of individuals into the memories 21, 31, respectively, and 
10 reads out it on demand. 

The authentication-card issuing station 6 records the part of biological 
individuality data of the registered applicant distributed by the authorized 
registration authority 1 in a user authentication card 7 which records its own 
card authentication code, and issues the card 7 to the user 8 (S17). 
15 [0063] 

A plurality of user registering stations (RG) 5 and authentication-card 
issuing stations (IS) 6 can belong to a single end certification authorities (CA) 3. 

Further, since the user 8 is required to go to the user registering station 5 
and input his or her biological individuality data, the authentication-card issuing 
20 station 6 for issuing the card to the user 8 is convenient for the users if it locates 
at the same location as the user registering station 5. 
[0064] 

It may also be useful to have a reliable witness to identify the user 8. But 
it is hard for any mechanism to exclude a person pretending to be another 
25 person from the beginning. 

Further, the authentication card is not necessarily issued immediately 
after the registration procedures, and it may be mailed later to the user's 
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address in order to confirm the facts the user has declared. 

Furthermore, the user registering station (RG) 5 and the 
authentication-card issuing station (IS) 6 may belong to the authorized 
registration authority (PRA) 1 . 
5 Furthermore, an issuer can conduct registration/issue procedures at any 

place if the issuer carries a portable terminal having the same functions as 
those provided at the user registering station (RG) 5 and the authentication-card 
issuing station (IS) 6. The use of such a portable terminal should be restricted 
to only the issuers who have been authentically licensed by the authorized 
10 registration authority (PRA). Even in this case, the issuer is never permitted to 
use the portable terminal without passing in strict examination and receiving a 
certificate of issuer. 
[0065] 

The following section describes, along with Fig. 6, an example of the 
15 process of authenticating user identification using a user authentication card 7 
at an authentication access terminal 4. 

When a user 8 presents his or her user authentication card 7 and applies 
to a transaction at an authentication access terminal 4, the user authentication 
card 7 is inserted into the card slot (input/output unit) 401 of the authentication 
20 device 41 of the authentication access terminal 4 to read out the authentication 
information from the user authentication card 7. The authentication information 
includes information for confirming the authenticity of the card and biological 
individuality data for use in authenticating user identification. 
[0066] 

25 At the authentication access terminal 4, the card is authenticated first 

(S21). The card authentication confirms that the user authentication card 7 is 
authentic, i.e., that the card is adapted to the user authentication system for use 
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at the authentication access terminal 4, and that the person is the authentic 
holder of the card. If the user authentication card 7 is not adapted to the 
authentication system, any transaction will not be accepted at the authentication 
access terminal 4 from the very first. 
5 It should be noted that, in order to confirm that the user authentication 

card 7 is not accessed by an unauthorized device, there may be provided a 
mechanism in which a program in the user authentication card 7 verifies 
whether the authentication device 41 is qualified to the authentication card itself, 
and if the device is not proper, the authentication card rejects the disclosure of 
10 the stored contents. 
[0067] 

When the user authentication card 7 has passed in the authentication, 
the user 8 is then required to show the same biological individuality as the user 
deposited when obtaining the user authentication card 7, e.g., to put his or her 

15 signature on the tablet (personal identity input unit) 403 (S22). 

The biological individuality data input from the tablet 403 is checked 
against the biological individuality data recorded in the user authentication card 
7, which is, for example, 60 % of the biological individuality data of the user, and 
the user 8 at the window is judged to be the authentic holder of the user 

20 authentication card 7 or not (S23). The user authentication result is displayed 
on the display 404 (S24). 
[0068] 

The subsequent procedures at the authentication access terminal 4 vary 
according to whether the user has been authenticated or not (S25). If the user 
25 authentication is negative, the authentication access terminal 4 will reject any 
transaction (S33). If the user authentication is affirmative, it is checked 
whether or not further on-line authentication is to be requested from upper 
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authentication institutions (S26). If no on-line authentication is needed, the 
authentication access terminal 4 may accept the transaction applied by the user 
8 at once (S32). 

The presence or absence of reqdest and the depth of the request for the 
5 on-line authentication may be input by an operator or the user 8 with the 
authentication-level specifying unit 402 at every transaction, or may be 
automatically set based on nature of the transaction or the transaction money. 
[0069] 

If the on-line authentication is needed, a request for a certain level of 
10 authentication is sent to the end certification authority 3, together with the 
information of the user authentication card 7 and the personal identity 
information obtained at the personal identity input unit 403 (S27). The 
personal identity information to be sent can be a part, for example, 40 % of the 
personal identity information, exclusive of the part used at the authentication 
15 access terminal 4, so that the quantity of information exchanged between the 
authentication access terminal 4 and the end certification authority 3 can be 
reduced. 
[0070] 

The necessity of the on-line authentication should be determined 
20 according to the level of security required based on the nature of the transaction. 
Specifically, commercial transactions about highly realizable goods or 
expensive goods, disclosure of personal information, and something like that 
require secure authentication; such transactions should request user 
authentication of upper authorities. 
25 The depth of on-line authentication may also be specified by the nature of 

the authentication access terminal 4. For example, at a hospital reception 
desk, a high level of authentication of personal identification may often be 
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required to protect a person's privacy and insure accurate medical treatment. 
Especially, in case of telecommuting medical treatment, it is preferable to 
request user authentication from the upper authorities. 
[0071] 

5 The information sent to the end certification authority 3 is checked with 

the identity information characteristic of the user 8, the identity information 
stored in the memory 31 (S28), and the authentication results are forwarded to 
the authentication access terminal 4 (S29). 

Since the end certification authority 3 has only the record for 30 % of the 

10 identity information on the user, if the user authentication at the end certification 
authority 3 is insufficient, further user authentication will be requested from the 
policy certification authority 2. Since the policy certification authority 2 has only 
the record for 10 % of the identity information on each user, the policy 
certification authority 3 uses 10 % of the identity information obtained at the 

15 authentication access terminal 4, so that the information to be sent from the end 
certification authority 3 to the policy certification authority 2 can be vastly 
reduced. 

The user authentication results of the policy certification authority 2 are 
sent back to the authentication access terminal 4 through the end certification 
20 authority 3. 
[0072] 

The user authentication results of all the authenticating facilities are 
integrated into a resultant total output and displayed on the authentication 
display 404. If the total result satisfies the user authentication, the transaction 
25 is accepted (S32), and if not satisfy, the transaction is rejected (S33). 

When the user authentication is denied, there is a possibility of any fraud 
such as the falsification of records or disguise of the user. In this case, it is 
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preferable to send the information to the authorized registration authority 1 and 

to analyze the troublesome and its cause. 

[0073] 

Since the authorized registration authority 1 stores protected records that 
5 is difficult to invade or falsify from the outside, the records of the authorized 
registration authority can be compared with the data input at the authentication 
access terminal 4 to make it clear where the abnormal conditions occurred 
among the user authentication card 7, the end certification authority 3, and the 
policy certification authority 2. 

10 If the contents of the user authentication card 7 do not match with the 

information input by the user 8, it should be considered that the user 
authentication card 7 got into wrong hands, such as a case where another 
person who is not the authentic user picked up or robbed the user 
authentication card 7, or where the data of the user authentication card was 

15 rewritten by unauthorized access. 
[0074] 

Embodiment 2 

The user authentication system as practiced in the second embodiment 
differs from the first embodiment only in that the user authentication card has an 

20 operation function to check the biological individuality data of the user with the 
identity information recorded thereon, in stead of the use of the logical 
arithmetic unit provided at the authentication access terminal to check the 
biological individuality data input from the personal identity input unit with the 
biological individuality data recorded in the user authentication card. Referring 

25 here to the same drawings as used for describing the first embodiment, only the 
different portions from the first embodiment are described. 
[0075] 
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On an IC card used here as the user authentication card 7, certain 
elements such as the CPU 75 and RAM 76 can be mounted to have a certain 
operation function. 

In the system of the embodiment, a user 8 who wants to receive services 
5 at an authentication access terminal 4 inputs his or her own biological 
individuality data through the user authentication device 41. The biological 
individuality data are then processed accordingly, converted into digitized form, 
and sent to the user authentication card 7. 
[0076] 

10 The user authentication card 7 stores the input information data into the 

RAM 76 temporarily. The CPU 75 then reads out the biological information 
data of the authorized user from the EEPROM 79, and compares the 
information data temporarily stored in the RAM 76 with the information data 
read out from the EEPROM 79. If the comparison shows that all the points of 

15 similarity between either information data are within an acceptable range, the 
person asking for services at the authentication access terminal 4 is 
authenticated as the true holder of the user authentication card 7, and the 
authentication access terminal 4 is notified of the acceptance. If the person 
has not passed in the authentication, the authentication access terminal 4 is 

20 notified of the refusal. 
[0077] 

After accepting the user authentication result from the user authentication 
card 7, the authentication access terminal 4 offers desired services to the user 8. 
If more careful authentication is needed, the authentication access terminal 4 
25 inquires the end certification authority 3 or the policy certification authority 2 to 
further authenticate the person in accordance with the authentication results 
from the upper authorities. It should be noted that the authentication access 
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terminal 4 may be combined with the end certification authority 3. 

Although the proportions of biological information data distribution among 
related spots can be determined arbitrarily, it is advantageous to allocate a 
higher percentage of biological information data for lower-level authentication as 
5 shown in the first embodiment. This makes it possible to reduce a 
communication load of the entire system, and hence to improve the system 
operability. It is therefore preferable to allocate the user authentication card 7 
more than 60 % of the biological information data. 
[0078] 

10 In the embodiment, the system makes use of an intelligent IC card as the 

user authentication card 7 not only to reduce the calculation load of the user 
authentication device 41 , but to decrease the device cost as well. Therefore, the 
smaller cost for preparing the facilities at the authentication access terminal 4 
lowers barriers for clients to join the system, thereby enhancing the availability. 

15 Further, since all the information processing is completed inside the user 

authentication card, the authentication card can be provided with a readout 
prohibited area for recording important information as authentication data which 
prohibits any outside parties from access. This makes it possible to prevent 
secret information from leaking, and hence to improve security. 

20 [0079] 

Effects of the Invention 

As described in detail hereinabove, if the user authentication system of 
the present invention is used, a user authentication corresponding to the 
required level of security can be obtained, by performing the majority of 

25 information processing at the authentication access terminal without charging a 
large load to the communication channel, because the identity information 
input directly by the user at the authentication access terminal and the biological 
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individuality data in the authentication card are compared, and a part of the 
identity information is transmitted to an authentication authority of the higher 
order for further authentication in case where a higher level of assurance is 
desired. 

5 Brief Description of Drawings 

Fig. 1 is a block diagram illustrating a user authentication system as 
practiced in an embodiment of the present invention; 

Fig. 2 is a perspective view illustrating an example of a user 
authentication device used in the embodiment; 
10 Fig. 3 is a circuit diagram of the user authentication device of the 

embodiment; 

Fig. 4 is a block diagram illustrating the examples of configurations of a 
user authentication card used in the embodiment; 

Fig. 5 is a flowchart illustrating the process of issuing the user 
15 authentication card in the embodiment; and 

Fig. 6 is a flowchart illustrating the process of authentication at an access 
terminal in the embodiment. 
Explanations of numerals 
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ABSTRACT 
Problem to be Solved 

A user authentication system of higher security allowing to obtain results 
rapidly, and a user authentication card and a user authentication device used 
for the same shall be provided. 
Means to Solve the Problem 

Biological individuality data such as handwriting, voiceprint or the like for 
distinguishing individuality of a user 8, a user authentication card 7 recorded 
with at least a part of the biological individuality data thereof, the recorded 
contents in the user authentication card 7 read out by an authentication card 
reader 41 are compared with the biological individuality data of the user input to 
the identity acquisition device for authorizing the used directly at an 
authentication access terminal. Besides, certification authorities 2, 3 of higher 
order are provided, and remaining part is recoded in respective certification 
authorities, without recording all of the biological individuality data of the used in 
the user authentication card, and the reliability of authentication can be 
improved by the additional authentication through the comparison of the parts of 
the recorded biological individuality data in response to an inquiry from the 
authentication access terminal 4. 

Selected drawing: Fig. 1 
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